Erik Gerding, the director of the SEC’s Division of Corporation Finance, has issued a statement that summarizes the state of disclosure for fiscal year 2023 and sets out disclosure priorities for 2024.
He emphasized how critically important disclosures are to investors of all kinds – not only when a company initially offers its securities to the market, but beyond that in the secondary markets, when updated disclosures are of critical need to ongoing investor decision-making.
And he reminded firms that the SEC offers Sample or Dear Issuer letters (a recent one covered disclosure obligations as they relate to eXtensible Business Reporting Language or XBRL) and other general communications on topics such as China-related matters, disruptions in crypto markets, and data-tagging.
“These letters often focus on emerging issues and are designed to better help companies understand what disclosures might be required under existing disclosure rules in order to help ensure that investors are receiving information they need to make informed investment and voting decisions,” he said.
Gerding made it clear that the statement was not a rule, regulation, or even a statement emanating from the SEC as an agency, so it created no new obligations for any entity or person.
Emerging areas of focus
Gerding said emerging areas of focus in 2023 included:
- market disruptions in the banking industry;
- cybersecurity risks;
- the impact of inflation; and
- disclosure related to newly adopted rules, such as pay versus performance.
“We also continued to monitor disclosures by companies based in, or with a majority of their operations in the People’s Republic of China, what we call ‘China-Based Companies,’” he said.
Gerding said China-based companies must provide (at both the issuer and consolidated foreign operating entity level) the following: information on ownership and controlling financial interests by foreign government entities; identification of Chinese Communist Party (CCP) officials who are on the issuer’s board; and whether the issuer’s articles of incorporation (or any equivalent organizing document) contain any “charter” of the CCP.
The SEC generally had some need for additional transparency from some companies, either because the disclosure was missing or deficient – or the scope of representations by the company were vague or unclear, he said.
With pay versus performance, or PVP, relevant disclosure requirements went into effect in late 2022, requiring disclosure of information reflecting the relationship between executive compensation actually paid by a company and the company’s financial performance.
“A number of rules may require disclosure about how a company uses AI and the risks related to its use, including in the description of business section, risk factors, MD&A, financial statements, and the board’s role in risk oversight.”
Erik Gerding, Director, SEC Division of Corporation Finance
In 2023, Division staff assessed the first year of PVP disclosures through several lenses, including using XBRL tagging to analyze disclosures in a large number of filings. “As part of that work, we looked at over 2,400 inline XBRL disclosures. We also conducted a more detailed review of PVP disclosure in a random sample of proxy statements across industries, and in some instances issued forward-looking comments,” Gerding said.
Gerding said the SEC observed some disclosure issues and published a number of Compliance & Disclosure Interpretations (C&DI) on the PVP rules to help registrants going forward, which he hopes they found useful this year.
Disclosure priorities for 2024
The SEC’s disclosure priorities for 2024 include:
- examining how companies are complying with relevant accounting standards;
- how businesses are assessing the material risks companies face from the Chinese government;
- what businesses are doing if they still face any material, ongoing impacts from inflation; and
- updated disclosures related to interest rate risk and liquidity risk, given the market disruptions in the banking industry that began about a year ago.
He said the SEC was also tracking how companies are navigating the disclosure requirements resulting from newly adopted rules, including clawbacks , cybersecurity, and artificial intelligence (AI). Gerding elaborated on the latter point, and newly updated Q&As on Form 8-K disclosure requirements focused on cybersecurity specifically were released by the Commission on Monday alongside his statement.
AI disclosure
Over the last year, the SEC has observed a significant increase in the number of companies that mention artificial intelligence in their annual reports. These companies often discussed the topic in the risk factors or description of business sections, or both, and some of them discuss the topic in their management’s discussion and analysis (MD&A).
“As companies incorporate the use of artificial intelligence into their business operations, they are exposed to additional operational and regulatory risks. A number of existing rules or regulations may require disclosure about how a company uses artificial intelligence and the risks related to its use, including disclosure in the description of business section, risk factors, MD&A, the financial statements, and the board’s role in risk oversight,” Gerding said.
In 2024, the Division staff will consider how companies are describing these opportunities and risks, including, to the extent material, whether or not the company:
- clearly defines what it means by artificial intelligence and how the technology could improve the company’s results of operations, financial condition, and future prospects;
- provides tailored, rather than boilerplate, disclosures, commensurate with its materiality to the company, about material risks and the impact the technology is reasonably likely to have on its business and financial results;
- focuses on the company’s current or proposed use of artificial intelligence technology rather than generic buzz not relating to its business; and
- has a reasonable basis for its claims when discussing artificial intelligence prospects
Cybersecurity disclosure
Last July, the SEC adopted new rules to enhance and standardize disclosures regarding cybersecurity risks and incidents by public companies – requiring disclosures of material cybersecurity incidents and an annual disclosure of cybersecurity risk management, strategy and governance matters.
He reminded firms that December guidance clarified that consultation with the Department of Justice regarding a cybersecurity incident “does not necessarily result in the determination that the incident is material,” and that the requirements of the C&DI “do not preclude a registrant from consulting with the Department of Justice, including the FBI, the Cybersecurity & Infrastructure Security Agency, or any other law enforcement or national security agency at any point regarding the incident, including before a materiality assessment is completed.”
Indeed, Gerding hopes firms will engage with these federal law enforcement and national security offices “at the earliest possible moment after cybersecurity incidents occur,” as it’s in the interest of investors and the public.
Clawback disclosure
Reminding registrants of the new rules issued in October 2022 that directed companies listed with national securities exchanges to implement a policy providing for the recovery of erroneously awarded incentive-based compensation received by current or former executive officers and disclose it.
“The Division will continue its efforts to monitor disclosures made in response to this rule requirement and issue comments as necessary to improve disclosures,” Gerding said.